On 6/27/06, John W. Hill <[log in to unmask]> wrote: > I'm running SL_4.2 and I am required by my employer to begin using > OpenSSL-fips-2.0 within a few weeks. I don't have a problem building and > installing from the source, however, I'm not sure what other > applications I will break once the new openssl takes over.What do I do > with the existing OpenSSL, leave it, remove it? I'm also running SSH > and VSFTPD on this server. Any recommendations on how best to approach > this? Thanks. > There are several factors driving towards using FIPS SSL. If you are supposed to use it in your project and that alone then you could install it in /usr/local and use that for your development. If your parent agency is needing FIPS compliant for all of its computers then you will need to do a large rebuilding process for all applications that link to the SSL libraries. Basically, you could build a new FIPS openssl rpm and then rebuild the following packages: NetworkManager-0:0.3.1-3.i386 xmlsec1-openssl-0:1.2.6-3.i386 perl-Crypt-SSLeay-0:0.51-5.i386 kdelibs-6:3.3.1-3.14.i386 crypto-utils-0:2.1-4.i386 openssl-devel-0:0.9.7a-43.8.i386 mod_ssl-1:2.0.52-22.ent.i386 authd-0:1.4.3-2.i386 libpcap-14:0.8.3-10.RHEL4.i386 openldap-servers-0:2.2.13-4.i386 xmlsec1-openssl-devel-0:1.2.6-3.i386 sendmail-0:8.13.1-2.i386 dovecot-0:0.99.11-2.EL4.1.i386 tog-pegasus-1:2.4.1-4.4.rhel4.i386 exim-0:4.43-1.RHEL4.5.i386 curl-0:7.12.1-8.rhel4.i386 openssl-perl-0:0.9.7a-43.8.i386 postfix-2:2.1.5-4.2.RHEL4.i386 > John > > -- > +-----------------------------------+ > + John W. Hill, Electronic Engineer + > + NOAA Aircraft Operations Center + > + Science and Engineering Division + > + MacDill AFB, FL 33608 + > + + > + Office: 813.828.3310 x3108 + > + Cell: 813.833.8518 + > + FAX: 813.828.5061 + > +-----------------------------------+ > > > > -- Stephen J Smoogen. CSIRT/Linux System Administrator